[lug] Redhat doesn't support users that compile their own kernels.
D. Stimits
stimits at idcomm.com
Fri Nov 2 11:06:38 MST 2001
"Riggs, Rob" wrote:
>
> I'll have to side with Red Hat on this one. They really can't support all
> possible combinations of custom kernels out there. They would go broke
> trying. It's a problem with your kernel, not the init script. However, if
> you were to send Red Hat a patch for the init script so that it behaves the
> way you desire, there is a good chance that they would incorporate it.
>
> On the other hand, if you report it as a bug with *their* kernel ("ipchains
> init script does not report failure when iptables module is loaded"), there
> is a good chance that they'd fix it themselves.
The thing is that this is *not* a problem only with other kernels. I
believe their own kernel will also do this if iptables module is loaded.
They only concluded that this is a non-redhat kernel bug from the
wording. But I can't test this on a stock redhat kernel, my root
partition is XFS filesystem, they don't support that. I really wish
return values would get tested more often, it seems like amateur hour to
not even check for errors. Because of the XFS partition, I can't install
their kernel to repeat this failure under theirs, but I wasn't the only
one that noticed this.
D. Stimits, stimits at idcomm.com
>
> The key is convincing them that it is a problem on their end, and not with
> something you've done.
>
> -Rob
>
> -----Original Message-----
> From: D. Stimits [mailto:stimits at idcomm.com]
> Sent: Friday, November 02, 2001 8:49 AM
> To: BLUG
> Subject: [lug] Redhat doesn't support users that compile their own
> kernels.
>
> A while back I discovered that the init script for ipchains does not
> work correctly if the kernel itself does not support ipchains. This can
> be due to the iptables module being loaded, which forces ipchains to
> fail load. Or the module could simply not exist. Someone here confirmed
> that the problem was that at one point the script does not check for
> return values and runs blindly. I entered a bug report at RH bugzilla,
> but id 43708. Finally, this is the reply I got, it sounds a lot like
> Microsoft:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=43708
>
> --- shadow/43708 Sun Oct 7 08:22:37 2001
> +++ shadow/43708.tmp.19063 Tue Oct 30 02:01:53 2001
> @@ -3,8 +3,8 @@
> Version: 7.1
> Platform: i386
> OS/Version: Linux
> -Status: ASSIGNED
> -Resolution:
> +Status: CLOSED
> +Resolution: NOTABUG
> Severity: security
> Priority: high
> Component: ipchains
> @@ -52,3 +52,14 @@
> deactivated is "not good". There is an extreme need to test
> for ipchains failure to activate, whether it is by direct failure,
> or by kernel support failure.
> +
> +------- Additional comments from mharris at redhat.com 2001-10-30 02:16:34
> -------
> +This is not really a bug, because Red Hat Linux does not support
> +user compiled kernels. You're free to compile and use your own
> +kernel of course, but problems introduced by doing so, that are
> +not reproduceable with the supplied kernels, are not generally
> +considered bugs.
> +
> +If you can cause a reproduceable problem by using the Red Hat
> +supplied kernel, then it is something worthy of investigating
> +further.
>
> I'm guessing that the person involved, mharris, does not realize this
> bug exists even with redhat kernels if iptables module is loaded and
> ipchains is attempted (since loading iptables module blocks ipchains
> module). Sounds like a cop-out to me, I can't believe Redhat has
> officially taken this attitude.
>
> So I guess be forewarned, Redhat is not interested in all bug reports
> against security.
>
> D. Stimits, stimits at idcomm.com
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list